Ukrainian CERT Warns Citizens of a New Wave of Attacks Distributing Jester Malware
The Computer Emergency Response Team of Ukraine has warned of phishing attacks that deploy an information-stealing malware called Jester Stealer on compromised systems.
The mass email campaign carries the subject line "Chemical attack" and contains a link to a macro-enabled Microsoft Excel file; opening the file infects the computer with Jester Stealer.
Jester Stealer, which was first documented by Cyble in February 2022, comes with features to steal and transmit login credentials, cookies, and credit card information, along with data from password managers, chat messengers, email clients, crypto wallets, and gaming apps, to the attackers.
The Jester Stealer campaign coincides with another phishing attack that CERT-UA has attributed to the Russian nation-state actor tracked as APT28.
The emails, titled "??????????", masquerade as a security notification from CERT-UA and come with an attached RAR archive, "UkrScanner.rar", that, when opened, deploys malware called CredoMap v2.
"Unlike prior versions of this stealer malware, this one uses the HTTP protocol for data exfiltration," CERT-UA noted.
News URL
https://thehackernews.com/2022/05/ukrainian-cert-warns-citizens-of-new.html